Security firm says Sony hack might have been an inside job
Despite claims by the FBI that North Korea was behind the massive hack against Sony, several cybersecurity experts have come forward to raise questions about the allegation, with some suggesting that insiders at the company could be to blame.
One such expert, Kurt Stammberger from the Norse cybersecurity firm, told CBS News that his team believes a woman identified only as “Lena” was heavily involved in the hack – not North Korea.
"We are very confident that this was not an attack master-minded by North Korea and that insiders were key to the implementation of one of the most devastating attacks in history," he told the news outlet.
"Sony was not just hacked, this is a company that was essentially nuked from the inside,” Stammberger added.
Little is known about Lena, but Norse believes the woman is somehow linked with the hacking group behind the attack, known as the 'Guardians of Peace.' The firm also suspects the woman was a former employee of Sony who worked there for 10 years before leaving in May 2014.
According to Stammberger, Lena’s position in the company would have given her the access and knowledge needed to identify the servers that hackers ultimately stole troves of data from.
Stammberger didn’t completely rule out North Korea’s role in the cyber attack, but he told CBS that evidence pointing to the country could actually be a case of misdirection.
"There are certainly North Korean fingerprints on this but when we run all those leads to ground they turn out to be decoys or red herrings," he said.
Last week, the FBI officially pinned the hack on North Korea, saying the breach involved lines of code, methods, and encryption algorithms previously developed by the country.
“Technical analysis of the data deletion malware used in this attack revealed links to other malware that the FBI knows North Korean actors previously developed,” the FBI said in its statement. “The FBI also observed significant overlap between the infrastructure used in this attack and other malicious cyber activity the US government has previously linked directly to North Korea.”
“Separately, the tools used in the SPE attack have similarities to a cyberattack in March of last year against South Korean banks and media outlets, which was carried out by North Korea.”
Still, some remain unconvinced. Cybersecurity expert Bruce Schneier wrote that the code used by the hackers seems “to point in all directions at once.” Looking at the evidence cited by the FBI, Schneier said it’s the kind that is “easy to fake, and it’s even easier to interpret it incorrectly.” He also cast doubt on the “insider threat” theory, arguing that such an individual wouldn’t need the hacking tools used to breach Sony’s servers.
Schneier noted that the FBI has not revealed all the reasons for its claim, though, and acknowledged that classified evidence could clearly point the finger at North Korea. Unless that evidence is known, it’s hard to say with any certainty.
Other possibilities include the idea that North Korea “co-opted” the initial attack after an embarrassing glut of information was made public, using that as an opportunity to strike Sony, as it was reeling and facing pressure to cancel 'The Interview' movie.
While Sony did cancel the premiere and release of 'The Interview' – a comedy which tells the story of a CIA plot to assassinate North Korean leader Kim Jong-un – it has since relented in the face of public criticism, which included harsh words from President Barack Obama. The movie is now available on streaming services and will be in theaters in limited release on Christmas Day.
Regarding the film’s release, a North Korean envoy to the United Nations said the country will condemn the decision but will not have any “physical reaction.” He added that the movie is an "unpardonable mockery of our sovereignty and dignity of our supreme leader."
The diplomat also told the Associated Press that his country was not involved in the hack.